Oauth2 flow types or grant types:
- Authorization code flow
- Implicit flow
- Resource owner flow
- Client credential flow
1. Authorization code flow
If a third party web or mobile application wants access the resources from your server, we should choose this flow.2. Implicit flow
If the application is a purely a client side application(ex: written only in Javascript) and no server side code, then we can use this flow. EX : Outlook or other Mail applications, where it depends only on the resource server and it’s doesn’t own anything in the backend.3. Resource owner flow
If there’s a high level of trust between user and application or application and oauth provider, we can choose this application. If the application is the owner of the resource, we can use this flow.Ex: if your company have webapp, mobile app and any other application and all needs to access the same resource and your company owns the oauth server, we can go and use this flow. Here, there’s a complete trust between the app and auth server or the app and user.
4. Client credential flow
If the client is also a backend server, we can go & use this flow.
Please read the below terminologies used in oauth
1. Scope
2. Claims
3. Client_id
4. Client_secret
5. Redirect_URI
6. Authorization_code
7. Grant type
8. Access Token
9. Refresh Token
10. Transfer Token
Claims can be anything that can allow the service to make a well informed authorization decision.
No comments:
Post a Comment